Hello to all,
I have set up a WG SERVER in Mikrotik and several WG-Clients
One of my WG-Clients, which is a HAP-lite, is extremely slow and seems to limit the throughput. The client connection is a 30Mbit ADSL and the server connection is 1Gbit Fiber.
The topology is like this.
The Mikrotik client HAP-lite has all the traffic from Wifi sent over the WG-Tunnel. The device is connected to the LAN via Ethernet Cable.
Pinging with 1400 MTU without WG is about 75-85ms,
Pinging with 1400 MTU with WG is about 1500-2500ms.
Here is the config.
# RouterOS export of the hAP lite WireGuard client, as posted.
# NOTE(review): the '###' runs inside the peer public keys and the 'x.x' in
# the first endpoint address are the poster's redactions, not literal values.
/interface pwr-line
set [ find default-name=pwr-line1 ] disabled=yes
/interface ethernet
set [ find default-name=ether4 ] disabled=yes
/interface wireless
# 2.4 GHz AP "Tunneled": the LAN whose traffic is policy-routed into the WG
# tunnel by the mangle rule further down.
set [ find default-name=wlan1 ] band=2ghz-g/n disabled=no frequency=auto installation=indoor mode=ap-bridge ssid=Tunneled tx-power=2 tx-power-mode=all-rates-fixed \
wps-mode=disabled
/interface wireguard
# Two tunnels, one per remote peer. mtu=1420 is the usual safe value for
# WireGuard over IPv4 on a 1500-byte uplink.
add listen-port=13231 mtu=1420 name=WG
add listen-port=13232 mtu=1420 name=WG-AWS
/interface wireless security-profiles
# NOTE(review): tkip is still offered in both the group and unicast cipher
# lists. TKIP is deprecated and weak; restrict both lists to aes-ccm so
# clients cannot negotiate it. wpa2-psk with dynamic-keys is otherwise fine.
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/ip pool
# Only dhcp_pool6 is referenced by a DHCP server in this export. Pools 3-5
# look unused; 3 and 4 overlap each other and sit in 192.168.101.0/24, which
# is the WG transport subnet, so handing them out would be a mistake.
add name=dhcp_pool3 ranges=192.168.101.10-192.168.101.254
add name=dhcp_pool4 ranges=192.168.101.10-192.168.101.20
add name=dhcp_pool5 ranges=192.168.102.2-192.168.102.254
add name=dhcp_pool6 ranges=192.168.168.2-192.168.168.50
/ip dhcp-server
add address-pool=dhcp_pool6 interface=wlan1 lease-time=10m name=dhcp1
/ip firewall connection tracking
# Non-default, fairly short timeouts (udp-timeout=20s, TCP SYN timers 1m).
# The 10s persistent-keepalive on both peers keeps the tunnel's own UDP
# conntrack entry alive; other idle UDP flows are re-tracked after 20s.
set loose-tcp-tracking=no tcp-close-wait-timeout=30s tcp-fin-wait-timeout=20s tcp-last-ack-timeout=30s tcp-syn-received-timeout=1m tcp-syn-sent-timeout=1m \
tcp-time-wait-timeout=30s udp-stream-timeout=1m30s udp-timeout=20s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/interface ovpn-server server
# NOTE(review): md5 is listed as an accepted OVPN auth digest. Whether the
# OVPN server is enabled is not visible in this export; if it is, drop md5
# (and ideally sha1) from the list.
set auth=sha1,md5
/interface wireguard peers
# Both peers accept 0.0.0.0/0, so which tunnel a packet uses is decided by
# routing/mangle, not by allowed-address. persistent-keepalive=10s is
# aggressive but harmless for a client behind NAT.
add allowed-address=0.0.0.0/0 comment="Tunnel to WG-Server" endpoint-address=94.254.x.x endpoint-port=13231 interface=WG persistent-keepalive=10s public-key=\
"JwAggcTrp6Cu7z###########t5cBKTq2X4+w0mmFYm1U="
add allowed-address=0.0.0.0/0 endpoint-address=16.170.252.170 endpoint-port=13233 interface=WG-AWS persistent-keepalive=10s public-key=\
"3bHszyhkbENv7ebJud###########NDj0VAb6k0="
/ip address
# 192.168.101.2 is this router's address inside the WG tunnel; 192.168.168.1
# is the wifi LAN gateway; 10.0.3.5 is the WG-AWS tunnel address.
add address=192.168.101.2/24 comment="Tunnel Interface" interface=WG network=192.168.101.0
add address=192.168.168.1/24 comment="INTERNAL LAN" interface=wlan1 network=192.168.168.0
add address=10.0.3.5/24 interface=WG-AWS network=10.0.3.0
/ip arp
# NOTE(review): interface=*C is an unresolved reference — the interface this
# static ARP entry was bound to no longer exists. Stale entry; safe to remove.
add address=192.168.101.20 interface=*C mac-address=A0:E7:0B:2E:82:22
/ip cloud
# Publishes the router's public address to MikroTik's DDNS service.
set ddns-enabled=yes
/ip cloud advanced
set use-local-address=yes
/ip dhcp-client
# WAN (ADSL) uplink. No firewall rule in this export references ether1.
add interface=ether1
/ip dhcp-server network
# LAN clients are given public resolvers directly; those queries also go
# through the tunnel because of the mangle route rule below.
add address=192.168.168.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.168.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS for
# any interface, and every input-chain filter rule in this export is
# disabled, so the resolver is presumably reachable from ether1 (WAN) as an
# open resolver (amplification/abuse risk). Add an input rule dropping
# udp/tcp dst-port=53 from ether1, or accept only from wlan1/WG.
set allow-remote-requests=yes max-concurrent-tcp-sessions=100 query-server-timeout=4s servers=8.8.8.8
/ip firewall address-list
# Defined but not referenced by any rule in this export.
add address=192.168.101.10-192.168.101.254 list=WGIPS
/ip firewall filter
# NOTE(review): all three rules are disabled and none is a drop, so this
# router currently has no packet filter at all. Every service it runs
# (WG listen ports, the DNS resolver above, management services not shown
# here) is reachable from ether1. The first fix is a minimal input chain:
# accept established/related, accept from wlan1 and WG, drop everything
# else. The first rule also references ether2 / 192.168.4.0/24, which
# appear nowhere else in this export and look stale.
add action=accept chain=input disabled=yes dst-address=192.168.4.0/24 in-interface=ether2
add action=accept chain=output disabled=yes protocol=udp
add action=accept chain=output disabled=yes protocol=tcp
/ip firewall mangle
# TCP MSS clamp for traffic leaving over WG — correct for mtu=1420. It does
# not cover WG-AWS; add a matching rule with out-interface=WG-AWS if that
# tunnel carries TCP.
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=WG passthrough=yes protocol=tcp tcp-flags=syn
# Policy route: everything from the wifi LAN is sent to 192.168.101.1
# (presumably the WG server's tunnel address), i.e. into the WG tunnel,
# bypassing the main routing table.
add action=route chain=prerouting passthrough=yes route-dst=192.168.101.1 src-address=192.168.168.0/24
/ip firewall nat
# NOTE(review): LAN traffic is source-NATed to 192.168.168.1 (the wlan1
# address), not to the tunnel address 192.168.101.2. That only works if the
# server-side peer entry's allowed-address covers 192.168.168.1; otherwise
# WireGuard on the server silently drops those packets. Confirm against the
# server config, or NAT to 192.168.101.2 with out-interface=WG instead.
add action=src-nat chain=srcnat src-address=192.168.168.0/24 to-addresses=192.168.168.1
/ip upnp
# NOTE(review): UPnP is enabled but no '/ip upnp interfaces' entries appear
# in this export, so it may currently be inert. With no firewall in place it
# adds nothing but risk (any LAN host may open ports); disable unless needed.
set enabled=yes
/routing rule
# Replies arriving on WG from the tunnel subnet are looked up in 'main'.
# dst-address=192.168.101.1/24 has host bits set; 192.168.101.0/24 is
# presumably what was intended.
add action=lookup disabled=no dst-address=192.168.101.1/24 interface=WG src-address=192.168.101.0/24 table=main
